PT-2008-3981 · Z Blogphp · Blogphp
Published 2008-06-03 · Updated 2017-08-08 · CVE-2008-2524
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
BlogPHP version 2.0
Description
The issue allows remote attackers to bypass authentication and post messages or comments as an arbitrary user. This is achieved by modifying the blogphp username field in a cookie.
Recommendations
For BlogPHP version 2.0, consider restricting access to authentication mechanisms until a patch is available. As a temporary workaround, avoid using the blogphp username field in cookies to minimize the risk of exploitation.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Blogphp